How to obtain new certificate from ADCS server?

MyaThway Khine 21 Reputation points
2022-09-11T15:40:09.617+00:00

Dear Team,
I have Active Directory and the CA server on separate servers.
As I can see, the AD server has three certificates issued by the CA:
1. Directory Service Email Replication
2. Kerberos Authentication
3. Domain Controller Authentication

What will happen if I "renew these certificates with new key"?
Is there any effect for domain computers and users?

Could you kindly suggest?


Accepted answer
  1. Limitless Technology 39,616 Reputation points
    2022-09-12T20:09:09.537+00:00

    Hello there,

    When you renew an Enterprise CA certificate, it is automatically published to Active Directory, and domain clients will automatically retrieve and install the renewed CA certificates. Existing certificates will be valid until they expire.

    Whether you are obtaining a new SSL certificate from a third party or from an enterprise certification authority (CA), ensure the certificate has subject alternative name entries of type DNS.

    This discussion might shed some insights about your query https://social.technet.microsoft.com/Forums/windowsserver/en-US/e733b5c4-611f-4fde-84e8-8c1e18db1910/renew-issuing-ca-cert-new-key-pair?forum=winserversecurity

    I hope this information helps. If you have any questions please let me know and I will be glad to help you out.

    --------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--


2 additional answers

  1. JimmySalian-2011 42,106 Reputation points
    2022-09-11T19:05:32.7+00:00

    Hi,

    No issues if you renew with a new key; just make sure the SAN and other details in the certificate are the same, including the CN.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
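
As an added example (not part of the thread and not Microsoft's code), a PowerShell check for the points raised in the answers above: that the subject and SAN DNS names survive the renewal, and whether the renewal produced a new key pair. The function names, the `C:\Temp\dc-old.cer` path and the thumbprint placeholders are assumptions, and the `DNS Name=` match assumes an English-language Windows installation.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
# Function names, file path and thumbprint placeholders are illustrative.

function Get-SanDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.17 = Subject Alternative Name. Format() output is localized;
    # the "DNS Name=" prefix assumes an English-language OS.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    $san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

function Compare-RenewedCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Old,
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$New
    )
    $oldSan = @(Get-SanDnsName $Old)
    $newSan = @(Get-SanDnsName $New)
    [pscustomobject]@{
        SubjectMatches = ($Old.Subject -eq $New.Subject)
        # DNS names present before renewal but absent afterwards
        SanDnsMissing  = @($oldSan | Where-Object { $_ -notin $newSan })
        # True for "renew with new key", False for "renew with same key"
        KeyChanged     = ($Old.GetPublicKeyString() -ne $New.GetPublicKeyString())
        OldNotAfter    = $Old.NotAfter
        NewNotAfter    = $New.NotAfter
    }
}

# 1. Before renewing: list the machine certificates and save the current one
#    (public part only) so it can be compared afterwards.
Get-ChildItem Cert:\LocalMachine\My |
    Format-Table Thumbprint, Subject, NotBefore, NotAfter
$current = Get-Item 'Cert:\LocalMachine\My\<OLD-THUMBPRINT>'   # placeholder
Export-Certificate -Cert $current -FilePath 'C:\Temp\dc-old.cer' | Out-Null

# 2. After renewing: load the saved copy and compare it with the new certificate.
$old = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\Temp\dc-old.cer'
$new = Get-Item 'Cert:\LocalMachine\My\<NEW-THUMBPRINT>'       # placeholder
Compare-RenewedCertificate -Old $old -New $new
```

A clean renewal with a new key shows `SubjectMatches` as True, an empty `SanDnsMissing`, and `KeyChanged` as True.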


  2. MyaThway Khine 21 Reputation points
    2022-10-20T08:43:49.597+00:00

    Do you know what the usage of the "RAS and IAS Server template" is?
    We need to renew the certificate since it is expired.
    Do you know what the difference is when we renew the certificate with "same key" or "new key"?

    How can we decide how it will impact domain users or domain computers?
